HOMEVULNERABILITIESCVE-2026-23161
HIGH

CVE-2026-23161

Published: February 14, 2026· Updated: Feb 18, 2026

EPSS:0.02%probability of exploitation in 30 daysPercentile:3.7th

Official Description

In the Linux kernel, the following vulnerability has been resolved:

mm/shmem, swap: fix race of truncate and swap entry split

The helper for shmem swap freeing is not handling the order of swap

entries correctly. It uses xa_cmpxchg_irq to erase the swap entry, but it

gets the entry order before that using xa_get_order without lock

protection, and it may get an outdated order value if the entry is split

or changed in other ways after the xa_get_order and before the

xa_cmpxchg_irq.

And besides, the order could grow and be larger than expected, and cause

truncation to erase data beyond the end border. For example, if the

target entry and following entries are swapped in or freed, then a large

folio was added in place and swapped out, using the same entry, the

xa_cmpxchg_irq will still succeed, it's very unlikely to happen though.

To fix that, open code the Xarray cmpxchg and put the order retrieval and

value checking in the same critical section. Also, ensure the order won't

exceed the end border, skip it if the entry goes across the border.

Skipping large swap entries crosses the end border is safe here. Shmem

truncate iterates the range twice, in the first iteration,

find_lock_entries already filtered such entries, and shmem will swapin the

entries that cross the end border and partially truncate the folio (split

the folio or at least zero part of it). So in the second loop here, if we

see a swap entry that crosses the end order, it must at least have its

content erased already.

I observed random swapoff hangs and kernel panics when stress testing

ZSWAP with shmem. After applying this patch, all problems are gone.

NVD Source

Technical Analysis

CVE-2026-23161 requires local access, meaning attackers must already have a foothold on the target system.

Exploitation requires some privileges, which limits the exposure to scenarios where an attacker has already gained initial access.

Affected Vendors & Products

Mentioned vendors (from description):
Linux
CPE data not yet available in NVD for this CVE.

Exploit & PoC Resources

NO KNOWN EXPLOITNo public exploit confirmed at this time
External links open in a new tab. Always verify in a controlled environment before use.

All References (3)

Quick Facts

CVE IDCVE-2026-23161
SeverityHIGH
CISA KEVNo
EPSS (30d)0.02%
PublishedFeb 14, 2026

Recommended Actions

  • Apply vendor patches immediately
  • Monitor CVE-2026-23161 in threat intel feeds
  • Review IDS/IPS signatures for exploitation attempts
Data sourced from NVD (NIST), CISA KEV, and EPSS (FIRST). Analysis generated by CTIWATCH.COM. CVE data is provided under the NVD usage policy.